9382 matches found
Amazon Linux 2023 : tomcat9, tomcat9-admin-webapps, tomcat9-el-3.0-api (ALAS2023-2025-813)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-813 advisory. Time-of-check Time-of-use TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for wri...
Important: iperf3
Issue Overview: iperf v3.17.1 was discovered to contain a segmentation violation via the iperfexchangeparameters function. CVE-2024-53580 Affected Packages: iperf3 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core a...
Important: python3-jinja2
Issue Overview: Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...
Important: python-jinja2
Issue Overview: Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...
Important: redis
Issue Overview: Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional...
Important: python3-jinja2
Issue Overview: Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...
Important: iperf3
Issue Overview: iperf v3.17.1 was discovered to contain a segmentation violation via the iperfexchangeparameters function. CVE-2024-53580 Affected Packages: iperf3 Issue Correction: Run dnf update iperf3 --releasever 2023.6.20250123 to update your system. New Packages: aarch64: ...
Important: iperf3
Issue Overview: iperf v3.17.1 was discovered to contain a segmentation violation via the iperfexchangeparameters function. CVE-2024-53580 Affected Packages: iperf3 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core a...
Important: postgresql
Issue Overview: Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack...
Important: postgresql
Issue Overview: Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack...
Medium: perl-Module-ScanDeps
Issue Overview: Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by opening a "pesky pipe" such as passing "commands|" as a filename or by passing arbitrary strings to eval...
Medium: runfinch-finch
Issue Overview: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service. CVE-2024-45338 golang-jwt is a Go implementation of JSON Web Tokens. Unclear...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2025-078 (ALASKERNEL-5.10-2025-078)
The version of kernel installed on the remote host is prior to 5.10.230-223.885. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2025-078 advisory. In the Linux kernel, the following vulnerability has been resolved: net: bridge: xmit: make sure we have...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2025-061 (ALASKERNEL-5.15-2025-061)
The version of kernel installed on the remote host is prior to 5.15.176-118.170. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2025-061 advisory. In the Linux kernel, the following vulnerability has been resolved: exfat: fix potential deadlock on...
Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-809)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-809 advisory. In the Linux kernel, the following vulnerability has been resolved: IORINGOPREAD did not correctly consume the provided buffer list when CVE-2023-52926 In the Linux kernel, the following...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2025-079 (ALASKERNEL-5.10-2025-079)
The version of kernel installed on the remote host is prior to 5.10.233-223.887. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2025-079 advisory. In the Linux kernel, the following vulnerability has been resolved: exfat: fix potential deadlock on...
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2025-091)
The version of kernel installed on the remote host is prior to 5.4.288-202.389. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2025-091 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix fortify source warning...
Low: ansible-core
Issue Overview: No CVE associated with this advisory Affected Packages: ansible-core Issue Correction: Run dnf update ansible-core --releasever 2023.6.20250123 or dnf update --advisory ALAS2023-2025-820 --releasever 2023.6.20250123 to update your system. More information on how to update your...
Amazon Linux 2023 : runfinch-finch (ALAS2023-2025-816)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-816 advisory. An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
Amazon Linux 2 : iperf3 (ALAS-2025-2736)
The version of iperf3 installed on the remote host is prior to 3.1.7-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2736 advisory. iperf v3.17.1 was discovered to contain a segmentation violation via the iperfexchangeparameters function. CVE-2024-53580 Tenable ha...